Crackme 22

2019-11-08 02:30:23

字体：大中小

来源：转载

供稿：网友

这里写图片描述无壳 vb 编写首先用OD动态调试，搜索字符串

找到了跳转条件ax不能为零这里写图片描述在往上查找的过程中，有个函数确定了字符串的值以及ax，设断点

发现了比较函数这里写图片描述

这里写图片描述于是知道了比较对象，为一个固定的字符串字符串从哪里来的从上个断点拼接成的

$-254 > 00623B74 UNICODE "123"$-250 > 005F35EC$-24C > 00000008$-248 > 00000054$-244 > 00653F44 UNICODE "rkh1oyie"$-240 > 00000000$-23C > 00000008$-238 > 005BC188$-234 > 006567E4$-230 > 0F05A5C5 返回到 MSVBVM50.0F05A5C5 来自 MSVBVM50.0F041534$-22C > 00000002$-228 > 005F35EC$-224 > 00000001$-220 > 00000001$-21C > 00000008$-218 > 005EF5C0$-214 > 0061686C UNICODE "bPe CrackMe v1.0 "$-210 > 00000000$-20C > 00000008$-208 > 00000000$-204 > 0064D304 UNICODE "rkh1oyi"$-200 > 00000000$-1FC > 00000008$-1F8 > 005BC188$-1F4 > 00605C74$-1F0 > 0F05A5C5 返回到 MSVBVM50.0F05A5C5 来自 MSVBVM50.0F041534$-1EC > 00000002$-1E8 > FFFFFFFF$-1E4 > 00000001$-1E0 > 04012201$-1DC > 00000008$-1D8 > FFFFFFFF$-1D4 > 0064452C UNICODE "bPe CrackMe v1.0 "$-1D0 > 04012201$-1CC > 00000008$-1C8 > 00000000$-1C4 > 0063E244 UNICODE "rkh1oy"$-1C0 > FFFFFFFF$-1BC > 00000008$-1B8 > 005BC188$-1B4 > 00640474$-1B0 > 0F05A5C5 返回到 MSVBVM50.0F05A5C5 来自 MSVBVM50.0F041534$-1AC > 00000002$-1A8 > 00000000$-1A4 > 00000001$-1A0 > 00D8BCB0$-19C > 00000008$-198 > 74AE1496 返回到 gdi32ful.74AE1496 来自 gdi32ful.74AF7755$-194 > 006219B4 UNICODE "bPe CrackMe v1.0 "$-190 > 00000000$-18C > 00000008$-188 > 01800009$-184 > 006194FC UNICODE "rkh1o"$-180 > 00000034$-17C > 00000008$-178 > 005BC188$-174 > 00619534$-170 > 0F05A5C5 返回到 MSVBVM50.0F05A5C5 来自 MSVBVM50.0F041534$-16C > 00000002$-168 > 0019F0A0$-164 > 00000001$-160 > 74AD7F30 gdi32ful.LpkDrawTextEx$-15C > 00000008$-158 > 00000048$-154 > 006216EC UNICODE "bPe CrackMe v1.0 "$-150 > 00D8BCA0 UNICODE "REGISTER"$-14C > 00000008$-148 > 1B283EDC$-144 > 006210FC UNICODE "rkh1"$-140 > 0019F0C8$-13C > 00000008$-138 > 005BC188$-134 > 00618B8C$-130 > 0F05A5C5 返回到 MSVBVM50.0F05A5C5 来自 MSVBVM50.0F041534$-12C > 00000002$-128 > 00002804$-124 > 00000001$-120 > 74AF63B4 返回到 gdi32ful.74AF63B4 来自 GDI32.GdiGetEntry$-11C > 00000008$-118 > 0019F118$-114 > 00621424 UNICODE "bPe CrackMe v1.0 "$-110 > 00D8BCB0$-10C > 00000008$-108 > 00000000$-104 > 00643D0C UNICODE "rkh"$-100 > 00000000$-FC > 00000008$-F8 > 005BC188$-F4 > 00643D44$-F0 > 0F05A5C5 返回到 MSVBVM50.0F05A5C5 来自 MSVBVM50.0F041534$-EC > 00000002$-E8 > 00D8BCB0$-E4 > 00000001$-E0 > 00000000$-DC > 00000008$-D8 > 00002B04$-D4 > 0062115C UNICODE "bPe CrackMe v1.0 "$-D0 > FFFFFFFF$-CC > 00000008$-C8 > 00042B04$-C4 > 005E6B34 UNICODE "rk"

rkh1oyie 为最后的注册码这里写图片描述